Proactive Breach Prevention using Automated Compliance and Continuous Auditing

Presented by

Niklas Nilsson, CISSP, CCSP, Senior Information Technology Consultant, Nexer Group

About this talk

Requiring non-security specialists to describe their posture, and informing the management hierarchy of our current security posture, is difficult. The language is foreign and does not lend itself to exactness. The eternal question is “Are we secure?” The expected answer then cannot be “It depends…”, but rather an aggregated statement, very close to a single “Yes” or “No”. In case of a negative response, it is also expected to hear of the gaps and the plans to fill them to become secure again. To accomplish this aggregated statement, a traditional assurance cycle of up to a year is too slow. The product owners need to have security activities in their backlog; they need to know when circumstances change to be able to address them based on risk. The management hierarchy needs to be informed of the current security posture and what implications that brings. The road to preventing breaches is paved with measurements, a quick feedback loop and AI-assisted decision making, all meant to push security decisions out into the organization. Here one could add the analogy of driving a car, where the driver, or senior manager, has to take decisions based on situational awareness and information provided by the car. The driver does not need to know the exact oil pressure or the coolant temperature, but rather whether it has reached a hazardous level. The driver cannot base decisions on oil pressure solely by dipping the stick before starting the journey, which would be equivalent to classic compliance. To prevent breaches, senior management needs to know that circumstances have changed, when they change, and ultimately that they are about to change. In this webinar you will be inspired by a Proof of Concept and an idea of how to implement and extend it.
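The abstract's core idea, a set of continuously measured controls reduced to a single Yes/No with an explicit gap list, plus notification when a control crosses its "hazardous level" between two runs, can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not the Proof of Concept from the talk, and every control name, threshold and reading in it is a constructed sample value.

```python
"""Continuous compliance aggregation (added illustration, not the talk's PoC).

Each control carries a measured reading and a threshold that marks the
hazardous level, mirroring the dashboard-light analogy: management sees
Yes/No plus the gaps, not the raw gauge values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Control:
    name: str
    threshold: float        # the hazardous level for this control
    higher_is_worse: bool   # True: a reading above threshold is a gap


# Constructed sample control set; a real deployment would pull these
# from the organisation's own control catalogue.
CONTROLS = (
    Control("unpatched_critical_vulns", threshold=0, higher_is_worse=True),
    Control("mfa_coverage_pct", threshold=95, higher_is_worse=False),
    Control("days_since_backup_restore_test", threshold=90, higher_is_worse=True),
    Control("privileged_accounts_without_owner", threshold=0, higher_is_worse=True),
)


def is_gap(control, reading):
    """True when the reading is on the wrong side of the threshold."""
    if control.higher_is_worse:
        return reading > control.threshold
    return reading < control.threshold


def assess(readings):
    """Reduce a dict of readings to (secure: bool, gaps: list).

    Each gap is (control name, reading, threshold). A control that was not
    measured at all is treated as a gap: an unknown posture is not a "Yes".
    """
    gaps = []
    for control in CONTROLS:
        if control.name not in readings:
            gaps.append((control.name, None, control.threshold))
            continue
        reading = readings[control.name]
        if is_gap(control, reading):
            gaps.append((control.name, reading, control.threshold))
    return (len(gaps) == 0, gaps)


def changed_controls(previous, current):
    """Controls whose gap status flipped between two assessment runs.

    This is the "circumstances have changed" signal the abstract asks for:
    a product owner gets the newly failing controls into the backlog, and
    management hears that the aggregate answer moved.
    """
    prev_gaps = {g[0] for g in assess(previous)[1]}
    cur_gaps = {g[0] for g in assess(current)[1]}
    return {
        "newly_failing": sorted(cur_gaps - prev_gaps),
        "newly_passing": sorted(prev_gaps - cur_gaps),
    }


def posture_statement(readings):
    """The one-line answer to "Are we secure?" plus the gaps, as text."""
    secure, gaps = assess(readings)
    if secure:
        return "Secure: yes"
    lines = ["Secure: no"]
    for name, reading, threshold in gaps:
        shown = "not measured" if reading is None else reading
        lines.append(f"  gap: {name} = {shown} (threshold {threshold})")
    return "\n".join(lines)


# Constructed sample readings from two consecutive measurement runs.
LAST_WEEK = {
    "unpatched_critical_vulns": 0,
    "mfa_coverage_pct": 97,
    "days_since_backup_restore_test": 30,
    "privileged_accounts_without_owner": 0,
}
TODAY = {
    "unpatched_critical_vulns": 3,
    "mfa_coverage_pct": 97,
    "days_since_backup_restore_test": 95,
    "privileged_accounts_without_owner": 0,
}

if __name__ == "__main__":
    print(posture_statement(TODAY))
    print(changed_controls(LAST_WEEK, TODAY))
```

The design choice worth noting is that an unmeasured control counts as a gap: a posture answer built from partial telemetry is exactly the "dipping the stick before the journey" situation the abstract warns against, so the aggregate only says "Yes" when every control has a current reading inside its safe range.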
